Unusual activity

Simon Matthews simon at paxonet.com
Thu May 23 02:24:38 UTC 2002


In scanning my logfiles for keywords, I came across some unusual activity. 
Now this may just be a coincidence, but since I have nver seen this 
before, it does look strange. Is someone trying a DDOS attack on my 
server, or is it to do with an old vunerability ("infoleak")?

What is interesting is how these are so closely grouped in time and the 
fact that I have never seen them before (and I configured BIND not to 
allow recursion from external sites some months back). 

Also, who needs to look up "."?

Anyone care to comment?

May 22 10:42:04 bastion.coreel.com named[2791]: denied recursion for query 
from [63.236.62.70].33069 for . 
May 22 10:42:05 bastion.coreel.com named[2791]: denied recursion for query 
from [130.94.90.52].33052 for . 
May 22 10:42:05 bastion.coreel.com named[2791]: denied recursion for query 
from [66.150.15.72].33084 for . 
May 22 10:42:05 bastion.coreel.com named[2791]: denied recursion for query 
from [63.150.152.73].33023 for . May 22 10:42:05 bastion.coreel.com 
named[2791]: denied recursion for query from [128.241.247.53].33002 for . 
May 22 10:42:05 bastion.coreel.com named[2791]: denied recursion for query 
from [61.213.186.231].33022 for . 
May 22 10:42:05 bastion.coreel.com named[2791]: denied recursion for query 
from [62.41.152.88].33035 for . 
May 22 10:42:06 bastion.coreel.com named[2791]: denied recursion for query 
from [63.236.62.70].33069 for . 
May 22 10:42:06 bastion.coreel.com named[2791]: denied recursion for query 
from [130.94.90.52].33052 for . 
May 22 10:42:06 bastion.coreel.com named[2791]: denied recursion for query 
from [66.150.15.72].33084 for . 
May 22 10:42:07 bastion.coreel.com named[2791]: denied recursion for query 
from [63.150.152.73].33023 for . May 22 10:42:07 bastion.coreel.com 
named[2791]: denied recursion for query from [128.241.247.53].33002 for . 
May 22 10:42:07 bastion.coreel.com named[2791]: denied recursion for query 
from [61.213.186.231].33022 for . 
May 22 10:42:07 bastion.coreel.com named[2791]: denied recursion for query 
from [62.41.152.88].33035 for . 
May 22 10:47:06 bastion.coreel.com named[2791]: denied recursion for query 
from [63.150.152.73].33023 for . May 22 10:47:06 bastion.coreel.com 
named[2791]: denied recursion for query from [66.150.15.72].33084 for . 
May 22 10:47:06 bastion.coreel.com named[2791]: denied recursion for query 
from [61.213.186.231].33022 for . 
May 22 10:47:06 bastion.coreel.com named[2791]: denied recursion for query 
from [130.94.90.52].33052 for . 
May 22 10:47:06 bastion.coreel.com named[2791]: denied recursion for query 
from [63.236.62.70].33069 for . 
May 22 10:47:06 bastion.coreel.com named[2791]: denied recursion for query 
from [62.41.152.88].33035 for . 
May 22 10:47:06 bastion.coreel.com named[2791]: denied recursion for query 
from [128.241.247.53].33002 for . 
May 22 10:47:07 bastion.coreel.com named[2791]: denied recursion for query 
from [63.150.152.73].33023 for . May 22 10:47:07 bastion.coreel.com 
named[2791]: denied recursion for query from [66.150.15.72].33084 for . 
May 22 10:47:07 bastion.coreel.com named[2791]: denied recursion for query 
from [130.94.90.52].33052 for . 
May 22 10:47:07 bastion.coreel.com named[2791]: denied recursion for query 
from [61.213.186.231].33022 for . 
May 22 10:47:07 bastion.coreel.com named[2791]: denied recursion for query 
from [63.236.62.70].33069 for . 
May 22 10:47:07 bastion.coreel.com named[2791]: denied recursion for query 
from [62.41.152.88].33035 for . 
May 22 10:47:08 bastion.coreel.com named[2791]: denied recursion for query 
from [128.241.247.53].33002 for .



More information about the bind-users mailing list